Routes for domains not under my control

I have set up both on the Web UI and now have used tunnels for one CF account that has two subdomains under it’s account. I am able to make a tunnel, two routes (one for each hostname) and successfully tunnel using the cloudflared cli and config.yml (adding multiple hosts and services). I also have it setup for listening and pairing with k8s with a deployment

My question is, can I make a route on the cloudflared cli to a domain I do not essentially own, that I can’t add to cloudflare, but I have the administrative ability for them to then have whoever has that route (on cloudflare or another DNS Zone editing capable system) and add the cfargotunnel fqdn as a CNAME for the domain? I tried it in the novel way I thought would work but when I use a second cloudflare account that has a domain not under the tunnel’s owner, then it just gives an error 1033, Cloudflare Tunnel error - that it knows its a tunnel but cloudflare cannot resolve it.

I’m sure this has to do with the certificates behind the scenes that CF is passing for the routes.

Essentially, if I have a client that I am working with and they have their own CF account for their domain, least privilege says if they just want me to run a service/website for them and they want to use I wouldn’t want them to be forced to have to give me their CF credentials. Nor would I want to have them give me their entire websites CF account just to run one subdomain. So if I need to spin something up for them, I’d like to be able to just give them the CNAME record to add so that it will pass to my tunnel, which will be configured so that it’s listening for that specific subdomain.hostname.com request.

I think my other option is to run two instances of cloudflared, either on the machine or as a k8s deployment, and then have them open the cloudflared tunnel login link, so that it links their account to my tunnel (2nd tunnel), but they would still have to manually enter a CNAME for the route on that tunnel.